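/// <summary>
/// Action filter hook that lets a request through only when it carries a valid API-key signature.
/// Does nothing when <c>ManagementConfig.Instance.Authentication</c> is switched off.
/// </summary>
/// <param name="context">The executing-action context; its <c>Result</c> is set to a 401 payload when the request is rejected.</param>
public void OnActionExecuting(ActionExecutingContext context)
{
    if (!ManagementConfig.Instance.Authentication)
    {
        return;
    }

    var request = context.HttpContext.Request;
    var signType = request.Headers["auth-type"];

    // Fail closed: a missing or unknown auth-type and a missing chainId argument are
    // answered with the same 401 as a bad signature, instead of surfacing as an
    // unhandled exception (the original threw a bare Exception / KeyNotFoundException).
    object chainIdArg;
    if (signType == "apikey"
        && context.ActionArguments.TryGetValue("chainId", out chainIdArg)
        && chainIdArg != null)
    {
        var chainId = chainIdArg.ToString();
        var sign = request.Headers["sign"];
        var timestamp = request.Headers["timestamp"];

        // NOTE(review): Request.Method is passed on as received (clients normally send it
        // upper-case); confirm that Check compares the method in the casing signers use.
        var method = request.Method;

        // NOTE(review): the ChainKeys indexer is assumed to throw for a chainId that has no
        // configured key; if so, an unknown chain still ends in an error response rather
        // than 401. Confirm the collection type and guard the lookup accordingly.
        // NOTE(review): only chain id, method and timestamp are handed to Check here, so the
        // request body does not appear to be covered by the signature.
        if (ApiAuthenticationHelper.Check(ApiKeyConfig.Instance.ChainKeys[chainId], chainId, method, timestamp, sign, ManagementConfig.Instance.SignTimeout))
        {
            return;
        }
    }

    context.Result = new JsonResult(new ApiEmptyResult(401, "Unauthorized"));
}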
/// <summary>
/// Checks that a correctly signed request is rejected once its timestamp is older than the
/// allowed window: the timestamp is six minutes in the past and the window passed to
/// <c>Check</c> is 5 (presumably minutes; confirm against the helper).
/// </summary>
public void TimeoutTest()
{
    const string httpMethod = "post";
    const int allowedWindow = 5;

    var apiKey = Guid.NewGuid().ToString("N");
    var chain = Guid.NewGuid().ToString("N");

    // Sign with a stale timestamp; the signature itself is valid, only its age is wrong.
    // NOTE(review): DateTime.Now is local time; whether GetTimestamp normalises to UTC
    // is not visible here.
    var staleStamp = ApiAuthenticationHelper.GetTimestamp(DateTime.Now.AddMinutes(-6));
    var signature = ApiAuthenticationHelper.GetSign(apiKey, chain, httpMethod, staleStamp);

    Assert.False(ApiAuthenticationHelper.Check(apiKey, chain, httpMethod, staleStamp, signature, allowedWindow));
}
/// <summary>
/// Round-trip check: a signature produced by <c>GetSign</c> for a fresh timestamp is
/// accepted by <c>Check</c> when the same key, chain id, method and timestamp are presented.
/// </summary>
public void SignAndVerifyTest()
{
    const string httpMethod = "get";
    const int allowedWindow = 5;

    // Random key and chain id so the test does not depend on any configured secret.
    var apiKey = Guid.NewGuid().ToString("N");
    var chain = Guid.NewGuid().ToString("N");

    var freshStamp = ApiAuthenticationHelper.GetTimestamp(DateTime.Now);
    var signature = ApiAuthenticationHelper.GetSign(apiKey, chain, httpMethod, freshStamp);

    Assert.True(ApiAuthenticationHelper.Check(apiKey, chain, httpMethod, freshStamp, signature, allowedWindow));
}
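/// <summary>
/// Issues a JWT to a caller who presents a known e-mail address and the matching password.
/// </summary>
/// <param name="model">Login payload; <c>UserName</c> is looked up as an e-mail address.</param>
/// <returns>
/// 201 Created with the serialized token and its expiry on success; 400 Bad Request for an
/// invalid model, an unknown user or a failed password check.
/// </returns>
public async Task<IActionResult> GetToken([FromBody] LoginViewModel model)
{
    if (model == null || !ModelState.IsValid)
    {
        return BadRequest();
    }

    var user = await _userManager.FindByEmailAsync(model.UserName);
    if (user == null)
    {
        // An unknown e-mail must not reach the password check with a null user (the
        // original passed it straight through). Answer exactly as for a wrong password
        // so the response does not reveal which accounts exist.
        return BadRequest();
    }

    // NOTE(review): the third argument (lockoutOnFailure) is false, so failed attempts on
    // this endpoint do not count towards account lockout; consider enabling it or adding
    // rate limiting in front of this action.
    var result = await _signinManager.CheckPasswordSignInAsync(user, model.Password, false);
    if (!result.Succeeded)
    {
        return BadRequest();
    }

    var credentials = ApiAuthenticationHelper.GetCredentials();
    var claims = ApiAuthenticationHelper.GetClaims(user);
    var token = ApiAuthenticationHelper.GetSecurityToken(claims, credentials);

    var response = new
    {
        token = new JwtSecurityTokenHandler().WriteToken(token),
        expiration = token.ValidTo
    };

    return Created("", response);
}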
/// <summary>
/// Posts a signed side-chain deployment request to the side-chain service, addressed by the
/// parent chain id.
/// </summary>
/// <param name="sideChainId">Id of the side chain to deploy; sent hex-encoded in the body.</param>
/// <param name="parentChainId">Id of the parent chain; used for the URL segment, the key lookup and the signature.</param>
/// <returns>The HTTP response returned by the side-chain service.</returns>
private async Task<HttpResponseMessage> SendChainDeploymentRequestFor(Hash sideChainId, Hash parentChainId)
{
    var chainId = parentChainId.DumpHex();
    var endpoint = $"{ManagementConfig.Instance.SideChainServicePath.TrimEnd('/')}/{chainId}";
    var request = new HttpRequestMessage(HttpMethod.Post, endpoint);

    // NOTE(review): the account password is a literal in source (it may have been masked
    // before publication). A deployment credential belongs in configuration or a secret
    // store, and it travels in the request body, so the endpoint should be HTTPS.
    var deployArg = new DeployArg
    {
        SideChainId = sideChainId.DumpHex(),
        AccountPassword = "******"
    };
    deployArg.LauncherArg.IsConsensusInfoGenerator = true;
    deployArg.LighthouseArg.IsCluster = false;

    var body = new StringContent(JsonSerializer.Instance.Serialize(deployArg));
    body.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json");

    // API-key authentication headers. The signature is computed over chain id, method and
    // timestamp; the JSON body is not an input to GetSign.
    body.Headers.Add("auth-type", "apikey");
    var timestamp = ApiAuthenticationHelper.GetTimestamp(DateTime.Now);
    var signature = ApiAuthenticationHelper.GetSign(ApiKeyConfig.Instance.ChainKeys[chainId], chainId, "post", timestamp);
    body.Headers.Add("sign", signature);
    body.Headers.Add("timestamp", timestamp);

    request.Content = body;
    return await _client.SendAsync(request);
}